Contact Information

How a Security-Only Network Can Limit Risks from Data Breaches

posted Jul 6, 2017, 11:09 AM by Resty Manapat

A security-only network delivers a higher level of
protection while not impacting business critical systems

Cyber attacks are one of the greatest threats facing
global businesses today. Hardly a day goes by that there is not a report of
another company suffering at the hands of hackers breaching their networks and
stealing sensitive customer or proprietary business data. According to the
Identify Theft Resource Center (ITRC), there were 781 known data breaches in
2015. This is the second-highest number on record since tracking began in 2005.

Although data breaches and cyber attacks are real risks
for all type of public and private organizations, retailers are particularly
vulnerable to these crimes. In this competitive industry, these crimes can have
devastating effects on consumers and potentially damage the retailer’s brand
and corporate reputation beyond repair.

Furthermore, cyber-crimes do not target one class of
retailers. Over the past several years, retailers from superstores to
supermarkets have reported data breaches, where potentially millions upon
millions of consumer debit and credit card information were exposed or
comprised.

Emerging Trends

In response to the threats presented by cyber-criminals,
many retailers are physically separating the IT infrastructure for their
networks based on their primary usage to limit exposure. A prime example is
creating a separate network to run physical security applications from the
network used for POS data. A security-only network is typically used to host
the company’s security devices such as intrusion detection, video, access
control devices and related devices along with building automation systems such
as HVAC.

Benefits

The benefits of these networks are multi-faceted. Not
only does the security-only network deliver a higher level of protection, but
it also offers faster speeds, more bandwidth and easier access to the network
for loss prevention teams while not impacting business-critical systems.

Further benefits to a separate network include nearly
unlimited access to applications such as remote monitoring of video or remote
investigations, allowing investigators immediate access to video and supporting
data. Many times, loss prevention teams are relegated to downloading video for
investigative purposes in the overnight hours, when the primary network is not
being used for POS data. Easy access to video can reduce travel time to
specific locations and associated expenses, as well as the time it takes to
conduct the investigations.

When the security network is monitored by a certified
third-party provider, added benefits include advanced alerts of potential
system failure or attempted breach of the network. The monitoring company can
also ensure that the network is adhering to the latest network security
protocols and has updated anti-virus software at all times.

Who Should
Consider It?

Any type of retailer that is looking to provide a safer
and more secure environment for its customers’ data while maintaining a higher
level of security for its business critical operations is a candidate for a
dedicated security-only network.

Selecting a
Third-Party Provider

When considering a third-party provider for security-only
networks, traditional IT companies that design and implement standard networks
may not be your best option. Selecting a company that has the proper
certifications for designing networks as well as deep industry knowledge of
security devices and how they need to work together will greatly enhance the
overall end result.

Certifications such as Cisco Cloud and Managed Services
Partner Certification, Meraki Certified, Sonicwall Certified, and security
product-specific certifications will ensure successful system integration.
Cisco Cloud and Managed Services Partner certification recognizes companies who
have attained the expertise in the planning, designing, implementing and
supporting of cloud or managed services based on Cisco platforms.

Steps to Consider

One of the first steps is to identify the circuit
requirements for the security-only network. Understanding what types of
applications are going to be running on the network and how much bandwidth and
speed is necessary to support the applications is key. Security-only networks
are often based on commodity broadband, so it is important to ensure that the
carrier can deliver reliable service and speed at any given location.

Once the network parameters of adequate circuit bandwidth
are determined, additional considerations that must be designed into the system
include remote (VPN) access and appropriate security measure and rules. At a
minimum, there should be a strict password update rule both for duration of
password life as well as re-use of passwords used in the past. Ideally, a
consolidated security identification system should be established to ensure
continuous monitoring of access with biometric or other proven security
solutions as part of any access to the network.

If any part of the network is wireless enabled,
appropriate security for network access and ongoing traffic monitoring are
essential. If they are not part of the system, monitoring to make sure that no
additional devices with wireless capability are installed on the system.

Firewall protection design is essential. With the advent
of IPv6 and its inclusion in networks, there is a potential for security breach
when tools designed for IPv4 are faced with IPv6 calls.

The growing threat of data breaches, cyber crime, and the
high cost associated with remediating the aftermath of an attack, both in terms
of hard dollars and the damage to brand reputation and customer trust, can be
devastating to a retailer.

Cyber-crime rates are escalating at exponential levels
and cyber criminals will continue to grow more sophisticated in their approach.
Now is the time to ensure your business is protected.

The vice president of loss prevention for a leading
international retailer summed it up by saying, “Deploying a separate network
for security and having an independent team monitor it is one less thing that I
need to worry about.”

Please consult an attorney for advice about your individual situation. This site and its information is not legal advice, nor is it intended to be. Feel free to get in touch by electronic mail, letters or phone calls, please withhold from sending any confidential information to us.